Wireless intrusion detection and device fingerprinting through preamble manipulation

Abstract

A method of establishing a hardware identity of a coordinating device in a wireless network is provided. A standard PHY preamble is modified to a preamble that can be received by the coordinating device having an expected hardware configuration. The modified PHY preamble is transmitted with an association request by a joining device. In response to not receiving a reply containing an association response from the coordinating device by the joining device, determining the hardware configuration of the coordinating device is not the expected hardware configuration. A further method of characterizing a hardware identity of a device in a wireless network is also provided. A request with a modified PHY preamble is transmitted to a device. If a reply is received from the device, characterizing the device as a first hardware type. And, if a reply is not received, characterizing the device as not the first hardware type.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application claims the benefit of and priority to U.S. Provisional Application Ser. No. 62 / 055,362, entitled “Wireless Intrusion Detection and Device Fingerprinting through Preamble Manipulation,” filed on Sep. 25, 2014, the entirety of which is incorporated by reference herein.RIGHTS OF THE GOVERNMENT[0002]The invention described herein may be manufactured and used by or for the Government of the United States for all governmental purposes without the payment of any royalty.BACKGROUND OF THE INVENTION[0003]Field of the Invention[0004]The present invention generally relates to wireless networks and, more particularly, to wireless intrusion detection.[0005]Description of the Related Art[0006]Low-rate Wireless Personal Area Networks (WPANs) enable energy-efficient connectivity among large numbers of devices. The IEEE 802.15.4 specification is an industry standard for low-power, low-rate, WPANs. Low implementation costs associated with ...

AI Technical Summary

Benefits of technology

[0012]Wireless networks are particularly vulnerable to spoofing and route poisoning attacks due to the contested transmission medium. Embodiments of the invention demonstrate a novel and complementary approach to exploiting physical layer differences among wireless devices that is more energy efficient and invariant with respect to the environment. Specifically, the embodiments exploit subtle design differences among transceiver hardware types. Transceivers fulfill the physical layer aspects of wireless networking protocols, yet specific hardware implementations vary among manufacturers and device types. Precise manipulation of the physical layer preamble may assist in preventing a subset of transceiver types from receiving the modified packet. By soliciting acknowledgments from wireless devices using a small number of packets with modified preambles, a response pattern identifies the true transceiver class of the device under test. Herein the embodiments demonstrate a transceiver taxonomy of eight manufacturers into seven classes with greater than 99% accuracy, irrespective of environment. Wireless multi-factor authentication, intrusion detection, and transceiver type fingerprinting through preamble manipulation is successfully demonstrated.

Problems solved by technology

Wireless networks are particularly vulnerable to spoofing and route poisoning attacks due to the contested transmission medium.

Images